A group of vx-Underground researchers noticed that the full source code of the Babuk ransomware was published on the Russian-speaking hack forum.
A member of the hack group who published the source claims that he was diagnosed with stage 4 lung cancer, and he wants to have time to “live as a human”.
A translated forum post on a hacking forum
Let me remind you that Babuk (aka Babuk Locker and Babyk) appeared in early 2021. Malware attacked companies, encrypted their data, and its operators also stole victims’ files and demanded a double ransom from the victims.
After the attack on the District of Columbia Central Police Department, Babuk operators received too much attention, and in April 2021, the hack group announced that it would cease operations.
BleepingComputer learned from a member of the Babuk ransomware gang that the group split after an attack on the Washington, D.C. Metropolitan Police Department.
After that, the “Admin” allegedly wanted to disclose the data of the MPD for publicity, while the other members of the gang were against it.
Following the data breach, the group split from the original administrator who formed the cybercrime forum Ramp, while the rest renamed the malware Babuk V2 and continue to encrypt victims’ files to this day.
Bleeping Computer also reports that the files now shared by one of the team members contain various Visual Studio projects for VMware ESXi, NAS and Windows encryption, as shown in the screenshot below.
The Windows folder contains the complete malware source code, decoder code, and a private and public key generator.
Emsisoft CTO and renowned information security expert Fabian Vosar, as well as researchers from McAfee Enterprise, have already confirmed to reporters that the leak is genuine. Vosar believes that this “leak” can help decipher the data of past victims of the ransomware, but so far the researchers are only verifying this information.
